CVE-2026-46723 Information Disclosure in extension "Faceted Search" (ke_search)

The additionaltables configuration of the page and ttcontent indexers accepts arbitrary table and field names. A backend user with permission to edit indexer configurations can copy sensitive data from internal TYPO3 tables into the search index...

TYPO3-EXT-SA-2026-012: SQL Injection in extension "Address List" (tt_address)

More info at https://typo3.org/security/advisory/typo3-ext-sa-2026-012...

CVE-2026-31659 batman-adv: reject oversized global TT response buffers

In the Linux kernel, the following vulnerability has been resolved: batman-adv: reject oversized global TT response buffers batadvttpreparetvlvglobaldata builds the allocation length for a global TT response in 16-bit temporaries. When a remote originator advertises a large enough global TT, the ...

CVE-2026-31659

The CVE-2026-31659 issue affects the batman-adv component in the Linux kernel. batadv_tt_prepare_tvlv_global_data() computes a 16‑bit allocation length for a global TT response; if a remote originator advertises a large TT, the TT payload length plus VLAN offset can exceed 65,535 and wrap before ...

PT-2026-35011

In the Linux kernel, the following vulnerability has been resolved: batman-adv: reject oversized global TT response buffers batadv tt prepare tvlv global data builds the allocation length for a global TT response in 16-bit temporaries. When a remote originator advertises a large enough global TT,...

CVE-2026-3997

The CVE-2026-3997 entry describes a Stored Cross-Site Scripting vulnerability in the WordPress Text Toggle plugin (versions up to 1.1). The flaw is in avp_texttoggle_part_shortcode(): the ‘title’ shortcode attribute is taken from user input and concatenated into HTML output without escaping, both...

OESA-2026-1576 freetype security update

FreeType is written in C, designed to be small,efficient, highly customizable, and portable while capable of producing high-quality output glyph images of most vector and bitmap font formats Security Fixes: An integer overflow in the ttvarloaditemvariationstore function of the Freetype library in...

Malicious Package

Overview cml-tt-sets is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorshi...

USN-7938-1 linux-azure-5.15 vulnerabilities

Jean-Claude Graf, Sandro Rüegge, Ali Hajiabadi, and Kaveh Razavi discovered that the Linux kernel contained insufficient branch predictor isolation between a guest and a userspace hypervisor for certain processors. This flaw is known as VMSCAPE. An attacker in a guest VM could possibly use this t...

CVE-2025-40155

In the Linux kernel, the following vulnerability has been resolved: iommu/vt-d: debugfs: Fix legacy mode page table dump logic In legacy mode, SSPTPTR is ignored if TT is not 00b or 01b. SSPTPTR maybe uninitialized or zero in that case and may cause oops like: Oops: general protection fault,...

UBUNTU-CVE-2025-40155

In the Linux kernel, the following vulnerability has been resolved: iommu/vt-d: debugfs: Fix legacy mode page table dump logic In legacy mode, SSPTPTR is ignored if TT is not 00b or 01b. SSPTPTR maybe uninitialized or zero in that case and may cause oops like: Oops: general protection fault,...

CVE-2025-40155

The CVE-2025-40155 issue is in the Linux kernel iommu/vt-d: debugfs legacy mode page table dump logic. In legacy mode, SSPTPTR may be ignored when TT is not 00b or 01b, leaving SSPTPTR uninitialized/zero and risking an OOPs like a general protection fault. The publicly provided fixes add a guard ...

EUVD-2009-4696

Malware in sbrugna...

EUVD-2024-34791

Malicious code in bioql PyPI...

SUSE CVE-2023-53371

In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: fix memory leak in mlx5efsttredirectanycreate The memory pointed to by the fs-any pointer is not freed in the error path of mlx5efsttredirectanycreate, which can lead to a memory leak. Fix by freeing the memory in the...

Linux Distros Unpatched Vulnerability : CVE-2018-11743

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The initcopy function in kernel.c in mruby 1.4.1 makes initializecopy calls for TTICLASS objects, which allows attackers to cause a denial of service mrbhashkey...

Linux Distros Unpatched Vulnerability : CVE-2023-45927

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - S-Lang 2.3.2 was discovered to contain an arithmetic exception via the function ttsprintf. CVE-2023-45927 Note that Nessus relies on the presence of the package...

PT-2025-46630

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.16.0 191 Description The Linux kernel contains a flaw within the iommu/vt-d subsystem related to debugfs and legacy mode page table dump logic. In legacy mode, the SSPTPTR is not properly checked, potentially...

MAL-2025-37268 Malicious code in tt-catalogcomponent-test-env (npm)

The package tt-catalogcomponent-test-env was found to contain malicious code...

MAL-2025-14887 Malicious code in asd-tt (npm)

The package asd-tt was found to contain malicious code...